Have you ever heard “you should encrypt your hard drive” on a technology video channel? What does that even mean really? Doesn’t the Linux operating system have a user password? Is that encryption or protection?
Let’s break it down:
User passwords on the operating system protect you from hackers over the internet. The password provides a safeguard against anyone accessing the operating system or system resources remotely.
But a password for a user on the operating system does NOT protect you against someone in person pulling the hard-drive out and opening the files using a different operating system.
Hard-drive encryption prevents an in-person attack. If an attacker were to pull the hard-drive out and access it with another operating system, then it would still be encrypted and require the password. This type of protection is also referred to as “disc encryption” or “full drive encryption.”
Here at Simplified Privacy we recommend you have both types of protection. It’s easy to set up. Many Linux distributions will ask you (when you first install and set up the operating system) if you want to encrypt the drive. Then they may or may not give you the option to pick a completely separate password for disc encryption vs the operating system user.
For example, on the Linux distribution Debian, they will ask you for 2 separate passwords. But on Linux Mint, when you choose the option to encrypt the drive, it automatically makes your disc encryption password the same as for the user login.
Forgotten passwords
If you forget your operating system password, you can recover from this. You can enter the operating system by other means to reset it. But on the other hand, if you forget your LUKS hard-drive encryption password, then you’re screwed. There would be no alternative way to get in.
Different passwords
On a Linux distribution that does allow for separate passwords for operating system vs disc encryption, you should take advantage of this opportunity and use different passwords. This will make it incredibly difficult for anyone to access your files without your authorization because they’d have to crack 2 passwords.
$5 wrench
In the cybersecurity industry, there is a term for using low-tech methods to break into files: the “$5 wrench.” From an academic perspective, a computer system or file encryption may be secure from a technological hack, so the user may get an overly confident sense of security that he or she is invincible. But encryption can’t provide protection from an attacker drugging the user and beating them with a $5 wrench until they confess the password.
Because of the $5 wrench threat, always consider what would happen if someone demanded the password or broke the full disc encryption. This is one of the reasons to consider also using VeraCrypt for computers and the Duress app for phones for additional protection.
Very informative. Thanks!